SIMATIC S7-1200 CPU Family Version 4: All versions prior to 4.2.3 suffer from the remotely exploitable vulnerability, which was discovered by Lisa Fournet and Marl Joos from P3 communications GmbH, who reported it to Siemens.

The web interface could allow a cross-site request forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires interaction with a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify parts of the device configuration.

CVE-2018-13800 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

The product sees use in the chemical, energy, food and agriculture, healthcare and public health, transportation systems, and water and wastewater systems sectors. It is deployed worldwide.

A high skill level is needed to exploit the vulnerability.

Siemens has a firmware update (v4.2.3) and recommends that users update to the new version. The update can be found on the Siemens website.
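The following is an added example, not code from Siemens or the original advisory: it triages an asset inventory against the affected range stated above (S7-1200 Version 4 firmware prior to 4.2.3). The CSV layout, asset names, and status labels are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re

FIXED = (4, 2, 3)  # from the advisory: S7-1200 V4 firmware prior to 4.2.3 is affected

# Constructed sample inventory; column names and rows are assumptions.
SAMPLE_INVENTORY = """asset,model,firmware
plc-01,SIMATIC S7-1200,V4.2.1
plc-02,SIMATIC S7-1200,V4.2.3
plc-03,SIMATIC S7-1200,4.1
plc-04,SIMATIC S7-1200,V3.0.2
plc-05,SIMATIC S7-1500,V2.5.0
plc-06,SIMATIC S7-1200,unknown
"""

def parse_version(text):
    """Return (major, minor, patch) or None; 'V4.1' is padded to (4, 1, 0)."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def classify(model, firmware):
    """Map one inventory row to a triage status for this advisory."""
    if "S7-1200" not in model:
        return "not-listed"          # product is not named in the advisory
    version = parse_version(firmware)
    if version is None:
        return "verify-manually"     # never assume an unreadable version is safe
    if version[0] != 4:
        return "not-listed"          # advisory covers the Version 4 family only
    return "affected" if version < FIXED else "fixed"

def triage(inventory_csv):
    """Return {asset: status} for every row of the inventory."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["asset"]: classify(r["model"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for asset, status in triage(SAMPLE_INVENTORY).items():
        print(f"{asset}: {status}")
```

Rows marked "not-listed" are outside what this advisory states and are not thereby shown to be safe; rows marked "verify-manually" need the firmware version read from the device itself.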

To reduce the risk, Siemens recommends that users not visit other websites while authenticated to the PLC.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security, and following the recommendations in the product manuals.